openSUSE has issued advisories on April 9 and April 16: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EXT3Y5NEGCCPGZ7FTYURPUBTHNNJA6MF/ https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4XPNZHCXJ32COQGQ62HNGD6DHPO5E552/ Mageia 7 and Mageia 8 are also affected.
CC: (none) => mageiaWhiteboard: (none) => MGA8TOO, MGA7TOOStatus comment: (none) => Patch available from upstream
NicolasL has done recent CVE updates for this, so assigning the bug to you (no registered maintainer).
CC: mageia => (none)Assignee: bugsquad => mageia
fixed in cauldron mga7/8 src: - mga7: - wpa_supplicant-2.9-1.5.mga7 - hostapd-2.9-1.3.mga7 - mga8: - wpa_supplicant-2.9-8.2.mga8 - hostapd-2.9-5.1.mga8
Status comment: Patch available from upstream => (none)Whiteboard: MGA8TOO, MGA7TOO => MGA7TOOVersion: Cauldron => 8Assignee: mageia => qa-bugs
RPMS list: wpa_supplicant-2.9-1.5.mga7 wpa_supplicant-gui-2.9-1.5.mga7 hostapd-2.9-1.3.mga7 wpa_supplicant-2.9-8.2.mga8 wpa_supplicant-gui-2.9-8.2.mga8 hostapd-2.9-5.1.mga8
mga8-64 Plasma on an HP Probook 6550b with Intel wifi hardware, using Network Manager. No installation issues. Did a reboot, just to see if the network comes up normally. Also installed wpa_supplicant-gui for the first time, and took a look. The gui was not able to get any information about the network, presumably because it had not been configured yet. I decided against trying to configure it, as Network Manager already has that job and I didn't want to confuse things. However, I did look at the screens in the gui, and they all looked as I would expect. As far as I went, all looks good. Will try another system using the Network Center later.
CC: (none) => andrewsfarm
wpa_supplicant is used by NetworkManager MGA7 Plasma 64 with NetworkManager. Applying updates OK. Rebooting. WiFi still reachable and can connect to my AP. MGA8 Plasma 64 with NetworkManager. Applying updates OK. Restarting. Idem. WiFi still OK. FYI: # systemctl status wpa_supplicant ● wpa_supplicant.service - WPA Supplicant daemon Loaded: loaded (/usr/lib/systemd/system/wpa_supplicant.service; disabled; vendor preset: disabled) Active: active (running) since Tue 2021-06-08 21:32:23 CEST; 8s ago Main PID: 231876 (wpa_supplicant) Tasks: 1 (limit: 19128) Memory: 768.0K CPU: 2ms CGroup: /system.slice/wpa_supplicant.service └─231876 /usr/sbin/wpa_supplicant -u -P /run/wpa_supplicant.pid -s -c /etc/wpa_supplicant.conf juin 08 21:32:23 mageia.local systemd[1]: Starting WPA Supplicant daemon... juin 08 21:32:23 mageia.local wpa_supplicant[231876]: Successfully initialized wpa_supplicant juin 08 21:32:23 mageia.local systemd[1]: Started WPA Supplicant daemon. OK Good to go for wpa_supplicant part. For hostapd, this is to create an Access Point from your own WiFi card. > hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. The current version supports Linux (Host AP, mac80211-based drivers) and FreeBSD (net80211). > hostapd is designed to be a "daemon" program that runs in the background and acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. Not installed by default. A clean install on both system runs well. Unsure how to go further on this but, plasma-applet-nm has a "Access point" creation button. This seems to share system wired connection to WiFi Device. But, it requires dnsmasq which is not installed... Correcting mga8 srpm field.
CVE: (none) => CVE-2021-30004CC: (none) => ouaurelienSource RPM: wpa_supplicant-2.9-9.mga9.src.rpm, hostapd-2.9-5.mga8.src.rpm => wpa_supplicant-2.9-8.1.mga8.src.rpm, hostapd-2.9-5.mga8.src.rpm
Now I'm confused. I was going to test the mesa update with my old Dell Inspiron, so I decided to try this update with that, too. It's a 32-bit Xfce system, using our Network Center to manage connections. The update weent well, and afterward wifi came right up at boot and is working with no problems. But, when I tried the above status command I'm told wpa_supplicant is loaded but disabled, dead. Is this normal? Off to check Mageia 7 on the same hardware...
Yes, the Mageia network applet calls wpa_supplicant when it needs it, we don't use the systemd service.
Working OK in Mageia 7 32-bit, too. I don't have a clue about hostapd either, but from the description I doubt anyone would try to run it on real 32-bit hardware, anyway. So, I'm giving this an OK for mga8-64 and -32, and mga7-32. I have a 64-bit mga7 system handy that uses networkmanager, so I will give it a test on that, too (just in case)
Whiteboard: MGA7TOO => MGA7TOO MGA7-32-OK MGA8-32-OK MGA8-64-OK
Sorry Aurelien, I skipped right over the part where you had already checked mga7 as well. So, my tests confirm yours, except that in reading /usr/share/doc/hostapd/READ.ME, which admittedly is far beyond my understanding, hostapd seemed as if it does quite a bit more than you suggest. But, I did install it cleanly, and it didn't seem to hurt anything, so I'd say it's good to go. Adding the OK that should have been there before, and validating.
CC: (none) => sysadmin-bugsWhiteboard: MGA7TOO MGA7-32-OK MGA8-32-OK MGA8-64-OK => MGA7TOO MGA7-64-OK MGA8-64-OK MGA7-32-OK MGA8-32-OKKeywords: (none) => validated_update
Advisory: ============================== Updated wpa_supplicant and hostapd packages fix a security vulnerability The wpa_supplicant and hostapd packages are updated to fix a forging attacks that may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. (CVE-2021-30004). References: - https://bugs.mageia.org/show_bug.cgi?id=29046 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30004 - https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EXT3Y5NEGCCPGZ7FTYURPUBTHNNJA6MF/ - https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4XPNZHCXJ32COQGQ62HNGD6DHPO5E552/ ============================== Updated packages in 7/core/updates_testing: ============================== wpa_supplicant-2.9-1.5.mga7 wpa_supplicant-gui-2.9-1.5.mga7 hostapd-2.9-1.3.mga7 from SRPM: wpa_supplicant-2.9-1.5.mga7 hostapd-2.9-1.3.mga7 ============================== Updated packages in 8/core/updates_testing: ============================== wpa_supplicant-2.9-8.2.mga8 wpa_supplicant-gui-2.9-8.2.mga8 hostapd-2.9-5.1.mga8 from SRPM: wpa_supplicant-2.9-8.2.mga8 hostapd-2.9-5.1.mga8
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0254.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED